HIPAA Journal reports: A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss. Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially…
Digging into Decoder.re in Kaseya ransom notes– threat intel by Resecurity
Interesting #threatintel thread on Twitter this morning from Resecurity (Full disclosure: I worked with one of their team a number of years ago.). Their research findings do not seem to be up on their web site at this time, so hopefully you can access it on Twitter. The thread begins here. In light of the…
Malware campaign targets companies waiting for Kaseya security patch
Graham Cluley reports: While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security firm Malwarebytes has spotted a malware campaign which is taking advantage of the vacuum. In a tweet, security researchers shared details of a malicious email that was sent…
Marsh McLennan reveals April data breach involving third-party software
Gavin Souter reports: Marsh & McLennan Cos. Inc. was hit by a data breach in April involving access to Social Security numbers and other personal information of staff, former staff, clients and a range of other people linked to the brokerage. The company sent a breach notification dated June 30, which was obtained by Business Insurance, stating…
HHS warns health systems of PACS security vulnerabilities — again
Mike Miliard reports: The U.S. Department of Health and Human Services is warning hospitals and health systems that a security vulnerability in picture archive communication systems, first discovered two years ago, is a problem that needs fixing now. WHY IT MATTERS In 2019, cyber researchers found a flaw in some PACS that, if exploited, could…
Russia ‘Cozy Bear’ Hackers Breached GOP as Ransomware Attack Hit
I could be wrong, but maybe Putin wasn’t being totally sincere when he indicated he would work with U.S. on dealing with hacking from Russia. William Turton and Jennifer Jacobs report: Russian government hackers breached the computer systems of the Republican National Committee last week, around the time a Russia-linked criminal group unleashed a massive ransomware attack,…